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TjSTING OF THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the present 
application. Additions are identified by underlming. Deletions are indicated by strik o through 
[brackets]. 

1 . (Original) A method of operating a communications network including a firewall 

comprising the steps of: 

monitoring delays associated with the closing of ports corresponding to 
communications sessions following the termination of said communications sessions as 
indicated by session control signals; and 

generating an alert signal when a monitored closing delay exceeds a preselected 

threshold. 

2. (Original) The method according to claim 1, further comprising the steps of: 
communicating said alert signal to a security management system; and 

operating said security management system to initiate at least one security operation in 
response to said alert signal. 

3. (Original) The method of claim 2, wherein said step of initiating at least one 
security operation includes: 

adjusting network routing to reduce the load on the firewall system which 
triggered said alarm signal. 

4. (Original) The method of claim 2, wherein said step of initiating at least one 
security operation includes: 

controlling the firewall at which said closing delay exceeding said threshold was 
detected to drop traffic until the detected closing delays at said firewall no longer exceed 
said threshold. 
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5. (Original) The method of claim 2, wherein said step of initiating at least one 
security operation includes: 

notifying a system administrator of said alarm condition. 

6. (Original) The method of claim 2, wherein monitoring delays associated with the 
closing of ports corresponding to communications sessions includes: 

transmitting test signals through a port corresponding to an established 
communications session; 

monitoring to detect said test signals which pass through said port; 

transmitting a signal to terminate said established communications session; and 

determining the time between transmitting said signal to terminate said 
established communications session and when the monitored test signals can no longer be 
detected passing through said port. 

7. (Original) The method of claim 6, wherein said test signals are IP packets and 
where said signal to terminate said established communications session is one of a SIP 
and an H.323 compliant signals. 

8. (Original) The method of claim 7, further comprising: monitoring delays 
associated with the opening of ports corresponding to communications sessions following 
the transmission of session initiation signals used to establish said communications 
session; and 

generating an opening delay alert signal when a monitored opening delay exceeds 
a preselected opening delay threshold. 

9. (Currently Amended) A method of operating a communications network 
including a firewall comprising the steps of: 

monitoring delays associated with the opening of ports corresponding to 
communications sessions being initiated through the use of session control signals; and 

generating [[a]] an alert signal when a monitored opening delay exceeds a 
preselected threshold. 

3 
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10. (Original) The method according to claim 9, further comprising the steps of: 
communicating said alert signal to a security management system; and 

operating said security management system to initiate at least one security operation in 
response to said alert signal. 

11. (Original) The method of claim 1 0, wherein said step of initiating at least one 
security operation includes: 

adjusting network routing to reduce the load on the firewall system which 
triggered said alarm signal. 

12. (Original) The method of claim 10, wherein said step of initiating at least one 
security operation includes: 

controlling the firewall at which said opening delay exceeding said threshold was 
detected to drop traffic until the detected opening delays at said firewall no longer exceed 
said threshold. 

13. (Original) The method of claim 1 0, wherein said step of initiating at least one 
security operation includes: 

notifying a system administrator of said alarm condition. 

14. (Currently Amended) A communications system comprising; 

a firewall system responsive to session signals to open and close ports in response 
to the establishment and termination of communications sessions, respectively; 

means for monitoring said firewall to detect a port closing delay following a 
signal to terminate a communications session; and 

an alarm generation device for generating an alarm when [a] the port closing 
delay is determined to exceed a preselected threshold. 

15. (Original) The communications system of claim 14, further comprising: 
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a security management system for receiving alarms generated by said alarm 
generation device and for performing at least one security operation in response to said 
alert signal. 

16. (Original) The communications system of claim 15, wherein said at least one 
security operation is a routing change operation, said security management system 
including means for transmitting routing change information to at least one network 
router to redirect at least some communications traffic away from said firewall to thereby 
reduce the traffic load on said firewall. 

17. (Original) The communications system of claim 15, wherein said at least one 
security operation is a firewall control operation, said security management system 
including means for signaling said firewall to drop traffic to reduce the load on said 
firewall. 

1 8 . (Original) The communications system of claim 1 5, wherein said at least one 
security operation includes notifying a system administrator of said detected port closing 
delay exceeding said preselected threshold, said security management system including a 
graphical display for showing a graphical representation of the detected port closing 
delay information. 

19. (Original) The communications system of claim 15, wherein said means for 
monitoring said firewall to detect a port closing delay following a signal to terminate a 
communications session includes: 

a probe signal generator for generating test signals directed at a port associated 
with the communications session being terminated; and 

a signal analyzer for determining when said generated test signals cease passing 
through said port associated with the communication session following transmission of a 
signal to terminate said communications session. 



5 

PACE 6/14 * RCVD AT 4(4/2005 10:53:23 AM [Eastern Daylight Time] • SVR:USPTO-EFXRF-1/2 ' DNIS:8729306 * CSID:9727183M6 * DURATION (mm-6S):05-50 



04/04/05_ M ON 08 :49 FAX 9727183946 VERIZON IP -- ~ USPATENT-AMEND @007 



20. (Original) The communications system of claim 19, wherein said probe signal 
generator includes means for generating session signals used to initiate and terminate 
communications sessions conducted through said firewall. 

21 . (Original) The communications system of claim 20, wherein said session signals 
are one of SIP signals and H.323 signals. 

22. (Original) The communications system of claim 20, wherein at least some of said 
test signals are IP packets. 

23. (Original) The communications system of claim 15, wherein said security 
management system includes: 

means for receiving alarms from a plurality of different alarm generation devices 
located at different locations in said communications system; and 

means for analyzing alarms received from different alarm generation devices, 
over a period of time, to identify the location of one or more traffic sources causing 
alarms during said period of time. 

24. (Original) The communications system of claim 1 5, wherein said security 
management system includes: 

means for receiving alarms from a plurality of different alarm generation devices 
located at different locations in said communications system; and 

means for analyzing alarms received from different alarm generation devices, 
over a period of time, to predict the occurrence of future security alarms. 

25. (Currently Amended) A communications system comprising; 

a firewall system responsive to session signals to open and close ports in response 
to the establishment and termination of communications sessions, respectively; 

means for monitoring said firewall to detect a port opening delay following a 
signal to establish a communications session; and 
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an alarm generation device for generating an alarm when [a] the port opening 
delay is determined to exceed a preselected threshold. 

26. (Original) The communications system of claim 14, further comprising: 

a security management system for receiving alarms generated by said alarm 
generation device and for performing at least one security operation in response to sa 
alert signal. 



PAGE 8/14 • RCVD AT 4/4/2005 10:53:23 AM [Eastern Daylight Time] • 8VR:U8PTO-EFXRF-1/2 • DNI8:8729306 * C6ID:9727183940 * DURATION (mm-ss):05H50 



